This is an updated 2023 version (adapted for Python3) of the Python2 exploit for CVE-2019-9053 created by Daniele Scanu @ Certimeter Group in 2019. All I did was adapt the code for Python3. All credit goes to Daniele Scanu for the original exploit.
| Information | Description |
|---|---|
| Exploit Title | Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 |
| Exploit Version | Python3 |
| Date | 10-15-2023 |
| Author | Doc0x1 |
| Vendor Homepage | https://www.cmsmadesimple.org/ |
| Software Link | https://www.cmsmadesimple.org/downloads/cmsms/ |
| Version | <= 2.2.9 |
| Tested on | Ubuntu 18.04 LTS |
| CVE | CVE-2019-9053 |
python3 exploit.py -u http://target-uri
python3 exploit.py -u http://target-uri --crack -w /path-wordlist